Skype 5.3 – ‘Mobile Phone’ HTML Injection

• Exploit Database
• 122 阅读

• 作者： noptrix
  日期： 2011-08-01
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/36004/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14

  source: https://www.securityfocus.com/bid/48951/info   Skype is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.   Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.   Skype 5.3.0.120 and prior are vulnerable; other versions may also be affected.   The following sample input is available:   "><iframe src=&apos;https://www.exploit-db.com/exploits/36004/&apos; onload=alert(&apos;mphone&apos;)>   A video demonstrating the attack is available. Please see the references for more information.